Baseline Controls News Resources Glossary About
Free Assessment
Home / News / How to Use Your Cybersecurity Assessment Results
February 7, 2026 Guide 2 min read

How to Use Your Cybersecurity Assessment Results

By Cybersecurity Canada Editorial Team | Published February 7, 2026
How to Use Your Cybersecurity Assessment Results

You've completed the Cybersecurity Canada assessment — now what? Your results contain valuable information about your organization's security posture. Here's how to make the most of them.

Understanding Your Score

Your overall score is a percentage representing how closely your current practices align with the Canadian Centre for Cyber Security's Baseline Controls. Here's what the grades mean:

  • A (85%+) — Strong baseline compliance. Your organization has comprehensive measures across most control areas.
  • B (70-84%) — Good progress. Solid foundations with some areas needing attention.
  • C (50-69%) — Partial implementation. Meaningful gaps exist that should be addressed.
  • D (30-49%) — Significant gaps. Your organization is exposed to considerable risk.
  • F (Below 30%) — Critical gaps. Immediate action is needed across multiple areas.

Prioritizing Improvements

Not all control areas carry equal urgency. Here's a practical approach to prioritization:

Address "None" Areas First

Any area where you scored "None" represents a complete gap in your defenses. These should be your highest priority, particularly:

  • Multi-Factor Authentication (BC.5) — The single highest-impact improvement
  • Data Backup (BC.7) — Your last line of defense against ransomware
  • Incident Response (BC.1) — You need a plan before an incident occurs

Build on "Basic" Areas Next

Areas where you scored "Basic" have some awareness but lack formal implementation. Moving these to "Moderate" often requires documenting what you're already doing informally and adding technical controls.

Strengthen "Moderate" Areas

Moving from "Moderate" to "Strong" typically involves closing coverage gaps, adding monitoring, and documenting procedures.

Building a Roadmap

Rather than trying to fix everything at once, create a realistic timeline:

  1. Month 1-2 — Address all "None" areas with highest impact
  2. Month 3-4 — Move "Basic" areas to "Moderate"
  3. Month 5-6 — Begin strengthening "Moderate" areas
  4. Ongoing — Re-assess quarterly to track progress

Take Action

Print your results and share them with your leadership team. Cybersecurity improvement requires organizational commitment — and that starts with understanding where you stand.

Re-take the assessment periodically to track your progress and identify new areas for improvement.

Disclaimer: This article is intended for general informational purposes only and does not constitute professional cybersecurity, legal, IT, or compliance advice. While we strive to ensure accuracy, the cybersecurity landscape changes rapidly and information may become outdated. Organizations should consult with qualified cybersecurity professionals and legal counsel to assess their specific situation and develop appropriate security policies. Use of this information is at your own risk. See our Privacy Policy for more information.

Cybersecurity Canada is an independent resource and is not affiliated with, endorsed by, or connected to the Canadian Centre for Cyber Security, the Communications Security Establishment, or the Government of Canada.

How does your organization measure up?

Take our free cybersecurity assessment based on the Canadian Centre for Cyber Security's Baseline Controls. 50 questions, under 30 minutes, 100% confidential — your answers never leave your browser.

Take the Free Assessment

Related Articles

Guide What to Do in the First 24 Hours After a Cyber Attack February 28, 2026 Guide 5 Easy Cybersecurity Wins for Canadian Small Businesses October 28, 2025
View All Articles